Accepting request 356411 from home:cyphar:branches:Virtualization:containers

This adds a fix for the (quite specific) JSON bug which completely breaks container starts.

OBS-URL: https://build.opensuse.org/request/show/356411
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=57
This commit is contained in:
Aleksa Sarai 2016-01-28 08:07:07 +00:00 committed by Git OBS Bridge
parent cbbbf2fd6f
commit 9dce1f84b9
3 changed files with 148 additions and 2 deletions

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Jan 27 23:40:09 UTC 2016 - asarai@suse.com
- backport 1 bugfix from the upstream 1.10 branch
Added:
fix_json_econnreset_bug.patch (https://github.com/docker/docker/issues/14203)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 21 16:52:41 UTC 2016 - jmassaguerpla@suse.com Thu Jan 21 16:52:41 UTC 2016 - jmassaguerpla@suse.com

View File

@ -50,12 +50,14 @@ Patch2: fix_bnc_958255.patch
Patch3: use_fs_cgroups_by_default.patch Patch3: use_fs_cgroups_by_default.patch
# fix an issue with cgroups. This is fixed upstream, too. # fix an issue with cgroups. This is fixed upstream, too.
Patch4: fix_cgroup.parent_path_sanitisation.patch Patch4: fix_cgroup.parent_path_sanitisation.patch
# fix an issue with JSON and containers not starting. This is fixed upstream, too.
Patch5: fix_json_econnreset_bug.patch
# Required to overcome some limitations of gcc-go: https://groups.google.com/forum/#!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ # Required to overcome some limitations of gcc-go: https://groups.google.com/forum/#!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ
# Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time # Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time
# We cannot do that, right now a quick and really dirty way to get it running is # We cannot do that, right now a quick and really dirty way to get it running is
# to simply disable this check # to simply disable this check
# Required to overcome some limitations of gcc-go: https://groups.google.com/forum/# !msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ # Required to overcome some limitations of gcc-go: https://groups.google.com/forum/# !msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ
Patch5: gcc5_socket_workaround.patch Patch6: gcc5_socket_workaround.patch
Patch100: ignore-dockerinit-checksum.patch Patch100: ignore-dockerinit-checksum.patch
Patch101: gcc-go-patches.patch Patch101: gcc-go-patches.patch
Patch102: add_bolt_ppc64.patch Patch102: add_bolt_ppc64.patch
@ -158,6 +160,7 @@ Test package for docker. It contains the source code and the tests.
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1
# 1330 is Tumbleweed after leap has been released # 1330 is Tumbleweed after leap has been released
# gcc5-go in Tumbleweed includes this commit # gcc5-go in Tumbleweed includes this commit
# https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb # https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb
@ -166,7 +169,7 @@ Test package for docker. It contains the source code and the tests.
# for that issue. # for that issue.
# Thus, we need to workaround the workaroundn in tumbleweed # Thus, we need to workaround the workaroundn in tumbleweed
%if 0%{?suse_version} >= 1330 && 0%{?is_opensuse} == 1 %if 0%{?suse_version} >= 1330 && 0%{?is_opensuse} == 1
%patch5 -p1 %patch6 -p1
%endif %endif
%ifnarch %go_arches %ifnarch %go_arches
%patch100 -p1 %patch100 -p1

View File

@ -0,0 +1,136 @@
commit 7b5896702bd2951541af27925620172edb5d3505
Author: Michael Crosby <crosbymichael@gmail.com>
Date: Tue Jan 26 15:00:07 2016 -0800
Update libcontainer to 3d8a20bb772defc28c355534d83
Fixes #14203
This bump fixes the issue of having the container's pipes connection
reset by peer because of using the json.Encoder and having a \n added to
the output.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Index: docker-1.9.1/hack/vendor.sh
===================================================================
--- docker-1.9.1.orig/hack/vendor.sh
+++ docker-1.9.1/hack/vendor.sh
@@ -48,7 +48,7 @@ clone git github.com/agl/ed25519 d2b94fd
# this runc commit from branch relabel_fix_docker_1.9.1, pls remove it when you
# update next time
-clone git github.com/opencontainers/runc 1349b37bd56f4f5ce2690b5b2c0f53f88a261c67 # libcontainer
+clone git github.com/opencontainers/runc 3d8a20bb772defc28c355534d83486416d1719b4 # libcontainer
# libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json)
clone git github.com/coreos/go-systemd v3
clone git github.com/godbus/dbus v2
Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go
===================================================================
--- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go
+++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go
@@ -18,6 +18,7 @@ import (
"github.com/opencontainers/runc/libcontainer/cgroups"
"github.com/opencontainers/runc/libcontainer/configs"
"github.com/opencontainers/runc/libcontainer/criurpc"
+ "github.com/opencontainers/runc/libcontainer/utils"
)
const stdioFdCount = 3
@@ -863,7 +864,7 @@ func (c *linuxContainer) updateState(pro
}
defer f.Close()
os.Remove(filepath.Join(c.root, "checkpoint"))
- return json.NewEncoder(f).Encode(state)
+ return utils.WriteJSON(f, state)
}
func (c *linuxContainer) currentStatus() (Status, error) {
Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go
===================================================================
--- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go
+++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go
@@ -5,7 +5,6 @@ package libcontainer
import (
"encoding/json"
"fmt"
- "io/ioutil"
"os"
"os/exec"
"path/filepath"
@@ -19,6 +18,7 @@ import (
"github.com/opencontainers/runc/libcontainer/cgroups/systemd"
"github.com/opencontainers/runc/libcontainer/configs"
"github.com/opencontainers/runc/libcontainer/configs/validate"
+ "github.com/opencontainers/runc/libcontainer/utils"
)
const (
@@ -225,10 +225,7 @@ func (l *LinuxFactory) StartInitializati
// if we have an error during the initialization of the container's init then send it back to the
// parent process in the form of an initError.
if err != nil {
- // ensure that any data sent from the parent is consumed so it doesn't
- // receive ECONNRESET when the child writes to the pipe.
- ioutil.ReadAll(pipe)
- if err := json.NewEncoder(pipe).Encode(newSystemError(err)); err != nil {
+ if err := utils.WriteJSON(pipe, newSystemError(err)); err != nil {
panic(err)
}
}
Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go
===================================================================
--- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go
+++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go
@@ -15,6 +15,7 @@ import (
"github.com/opencontainers/runc/libcontainer/cgroups"
"github.com/opencontainers/runc/libcontainer/configs"
"github.com/opencontainers/runc/libcontainer/system"
+ "github.com/opencontainers/runc/libcontainer/utils"
)
type parentProcess interface {
@@ -71,7 +72,7 @@ func (p *setnsProcess) start() (err erro
return newSystemError(err)
}
}
- if err := json.NewEncoder(p.parentPipe).Encode(p.config); err != nil {
+ if err := utils.WriteJSON(p.parentPipe, p.config); err != nil {
return newSystemError(err)
}
if err := syscall.Shutdown(int(p.parentPipe.Fd()), syscall.SHUT_WR); err != nil {
@@ -262,7 +263,7 @@ func (p *initProcess) startTime() (strin
func (p *initProcess) sendConfig() error {
// send the state to the container's init process then shutdown writes for the parent
- if err := json.NewEncoder(p.parentPipe).Encode(p.config); err != nil {
+ if err := utils.WriteJSON(p.parentPipe, p.config); err != nil {
return err
}
// shutdown writes for the parent side of the pipe
Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go
===================================================================
--- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go
+++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go
@@ -3,6 +3,7 @@ package utils
import (
"crypto/rand"
"encoding/hex"
+ "encoding/json"
"io"
"path/filepath"
"syscall"
@@ -43,3 +44,13 @@ func ExitStatus(status syscall.WaitStatu
}
return status.ExitStatus()
}
+
+// WriteJSON writes the provided struct v to w using standard json marshaling
+func WriteJSON(w io.Writer, v interface{}) error {
+ data, err := json.Marshal(v)
+ if err != nil {
+ return err
+ }
+ _, err = w.Write(data)
+ return err
+}